U.S. CODE
Rulings
AD/CVD
Notices
HTSUS
U.S. Code
Regs
More
Ports
About
Updates
Apps
Larger font
Smaller font
CustomsMobile Pro
beta now open!
Apply for a FREE beta account. Spaces are limited so apply today.
SIGNUP FOR BETA
SEARCH
Toggle Dropdown
Search US Code
Search Leg. Notes
Sort by Rank
Titles Ascending
Titles Descending
10 per page
25 Result/page
50 Result/page
U.S Code last checked for updates: Nov 22, 2024
All Titles
Title 38
Part IV
Chapter 57
Subchapter III
§ 5723. Responsibilities...
§ 5725. Contracts for data proce...
§ 5723. Responsibilities...
§ 5725. Contracts for data proce...
U.S. Code
Notes
§ 5724.
Provision of credit protection and other services
(a)
Independent Risk Analysis
.—
(1)
In the event of a data breach with respect to sensitive personal information that is processed or maintained by the Secretary, the Secretary shall ensure that, as soon as possible after the data breach, a non-Department entity or the Office of Inspector General of the Department conducts an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach.
(2)
If the Secretary determines, based on the findings of a risk analysis conducted under paragraph (1), that a reasonable risk exists for the potential misuse of sensitive personal information involved in a data breach, the Secretary shall provide credit protection services in accordance with the regulations prescribed by the Secretary under this section.
(b)
Regulations
.—
Not later than 180 days after the date of the enactment of the Veterans Benefits, Health Care, and Information Technology Act of 2006, the Secretary shall prescribe interim regulations for the provision of the following in accordance with subsection (a)(2):
(1)
Notification.
(2)
Data mining.
(3)
Fraud alerts.
(4)
Data breach analysis.
(5)
Credit monitoring.
(6)
Identity theft insurance.
(7)
Credit protection services.
(c)
Report
.—
(1)
For each data breach with respect to sensitive personal information processed or maintained by the Secretary, the Secretary shall promptly submit to the Committees on Veterans’ Affairs of the Senate and House of Representatives a report containing the findings of any independent risk analysis conducted under subsection (a)(1), any determination of the Secretary under subsection (a)(2), and a description of any services provided pursuant to subsection (b).
(2)
In the event of a data breach with respect to sensitive personal information processed or maintained by the Secretary that is the sensitive personal information of a member of the Army, Navy, Air Force, Marine Corps, or Space Force or a civilian officer or employee of the Department of Defense, the Secretary shall submit the report required under paragraph (1) to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives in addition to the Committees on Veterans’ Affairs of the Senate and House of Representatives.
(Added
Pub. L. 109–461, title IX, § 902(a)
,
Dec. 22, 2006
,
120 Stat. 3455
; amended
Pub. L. 116–283, div. A, title IX, § 926(h)
,
Jan. 1, 2021
,
134 Stat. 3831
.)
cite as:
38 USC 5724
.list_box li,p,.cm-search-info,.cm-search-detail,.abt span,.expand-collapse_top
Get the CustomsMobile app!